3 hours 20 minutes
Hey, everybody. My name is Peter Simple own. And this is the Network Security course.
This is going to be module six, lesson three.
Prerequisites for this course have been modules one through five, and the first two modules, or the first two lessons rather, of module six. In the first two lessons, we took a look at computer protection components and network protection components.
In this lesson, we're going to learn all about the Windows host firewall. Now, this is actually going to be a demo lesson, and this is going to be a two-part lesson. So in the first part, we're gonna look at the Windows host firewall and the layout and where everything is and how to access it and operate it.
And then in the second part, we're going to create a policy or two
that could be applied for the host firewall.
All right, here we are, everybody. We are now inside the Windows computer. I've remoted into a computer in my home lab here, and we are going to start. So, Windows Firewall: Windows firewalls are software-based firewalls,
naturally, because they come built inside the computer
and they can be accessed by coming down here to the control panel.
You can come up here
to control panel and then you want to go to the system and security tab up here at the top left
and then from there. Once you're in here,
you can access all of your system options and security options, and then you can get to the Windows Firewall.
So this is the Windows Firewall layout section. So as you can see here, there are two different types of Windows firewalls that I currently have going right now. So normally, of all the options Windows offers, Windows usually offers three:
the home or private network firewall, the public network firewall, and then there's another one, which is known as the domain firewall. Now, I am not currently attached to any domain at the moment into that walk. That's why this firewall does not appear. But these are the two firewalls
that I have going. As you can see, one is connected, but one is not. So the network I am currently on is considered to be a public network, so the public firewall is the one that is on right now.
So if you just want to take a quick glance at these, you can see that the state is on. You can also tell that it's on because of the green.
And then you can see incoming connections: block all connections to programs that are not on the allowed list of programs. And you can see I'm connected to Network 2.
Same thing up here at the top.
And so the first thing that we want to do
is show you how to turn it on or turn it off. Get over here. You turn it on.
And then from here, you can turn off the Windows Firewall just by clicking this radio button here
so you can do that with either one. And then obviously, if you hit okay, then it throws an error and says, Hey, you know, like, What are you doing? You know, turn your firewall back on. And as you can see, you have the little Red X in shield, which shows that the firewall is not currently turned on.
So normally we want to try to leave these on as much as possible. The only time we
really might want to disable the firewall is if it is starting to interfere with how the network firewall would work. Sometimes the network firewall is the main one, and then sometimes the Windows firewall can interfere with the network firewall, depending on the type of network firewall that you have.
So that's one of the reasons why you may or may not want to have that on
so that we have here. So let's talk about letting a couple things in through the firewall. We can allow a program or feature through Windows Firewall by clicking up here, and these are programs that are running on this computer specifically.
So you see, we have some of the Bonjour and Apple Push services.
We have a couple of CyberLink programs that are running.
We have some McAfee stuff. We have network discovery, some novaPDF, and so these are different programs and services that are running on the computer that need access to get through the firewall.
Now you can restrict this access if you need to by simply unchecking this box, and then that unchecks the two boxes right here for the private and public firewalls.
Now say, for example, you wanted to maybe have the service working on the home firewall, the private one, but not the public one. You can just check off that box right there and you can leave this one as is. It really depends on what you want to be doing.
So we can also come down to some of the advanced settings with the firewall,
and we can see here this kind of gives you an overview of the different profiles. So we have the window of private and we have the public. This is the one that is currently active, and it's currently the one that's being used. And now if we come here to the inbound rules,
We can see all the inbound rules and outbound rules
that are currently associated with this firewall.
So inbound rules are rules that get applied every time there is an incoming connection that comes from the Internet into the computer. So we can see that these are all things that might need access to come into the computer. The outbound rules are
fairly similar. This is everything that is going out of the firewall from the computer.
So if you see here you can see that some of these have the green check mark. That means these are enabled
and some of them do not. Some of these have been grayed out. These are rules that have not been enabled.
An easy way to read this is: you can look at the name, and then you can come over to the group, if there is a group. There's not always a group. And then you can look at the profile. So this Apple Push service applies to all the profiles, which is the public, private
and the domain, whereas others might apply only to specific ones.
you can see whether the rule is applied, whether it's enabled or not, and you can see what the action is.
You can see if there is an override if need be, and then you can kind of look at some of the
You look at where these programs are running from coming in and out,
and then you can look at the source and destination addresses, depending on
what you might want to do, what you might want to filter on. And then you can also filter by the port, what the port's running, whether it be TCP or UDP or any of
I'm sorry, any of the protocols, TCP or UDP or any of the ports. You can also specify who is allowed
and who is not. This is essentially the access control list that we talked about, where incoming and outgoing traffic from the firewall comes in.
It checks this access control list. And if it's allowed to get in, if it's allowed to go into the computer, then it has to pass this access control list. Now, say there's something that comes in that doesn't match any of the rules on the access control list, then it will be denied.
Usually with firewalls there is the default deny, where if it doesn't match any of the rules, it will just be
denied. You have to explicitly allow things in,
and it works the same way with the outbound rules as well.
So if we come down here to monitoring,
we can see your profiles, and we can see that the public one is active,
and we could take a look at some of the general settings and the logging settings. Logging settings keep track of what happened with the firewall and connections, so we could go back and take a look to see if something was allowed through or something was not allowed through. And the log file for that is right here.
So this is an example of the log file. You can see some of these
came from October 18th at 10:42, and you can see it was allowed. It went from
the destination IP address, or the source IP address, which happens to be the IP of this computer. And it went out to here,
and it went out on these ports, port 443, which is HTTPS, and we can see that it was outgoing because it was sent. These are the fields up here that you can see what's going on.
Sometimes there's some flags that might be involved in this, and you can kind of scroll through the log file to see what's going on and to see what happened. The log file's really good for tracing, um, activities of the firewall when you're trying to figure out what happened during a security incident.
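
The log review described above can be scripted. The following is an added example, not part of the lecture: a small parser for the Windows Firewall log (by default `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`) that summarizes dropped inbound attempts and allowed outbound HTTPS connections. The function names and the sample log lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout (private/documentation addresses).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2016-10-18 10:42:07 ALLOW TCP 192.168.1.23 203.0.113.10 49812 443 0 - 0 0 0 - - - SEND
2016-10-18 10:42:09 ALLOW UDP 192.168.1.23 192.168.1.1 53211 53 0 - - - - - - - SEND
2016-10-18 10:43:31 DROP TCP 198.51.100.7 192.168.1.23 40022 3389 52 S 1182230113 0 8192 - - - RECEIVE
2016-10-18 10:43:32 DROP TCP 198.51.100.7 192.168.1.23 40023 445 52 S 1182230999 0 8192 - - - RECEIVE
2016-10-18 10:44:02 DROP ICMP 198.51.100.9 192.168.1.23 - - 60 - - - - 8 0 - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#"):
            continue  # blank line or other header comment
        else:
            values = line.split()
            # Skip truncated or malformed records instead of misaligning fields.
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def blocked_inbound_by_source(records):
    """Count dropped inbound packets per source IP (action DROP, path RECEIVE)."""
    hits = Counter()
    for r in records:
        if r["action"] == "DROP" and r.get("path") == "RECEIVE":
            hits[r["src-ip"]] += 1
    return hits

def allowed_outbound(records, port="443"):
    """Return (time, dst-ip) for allowed outgoing connections to the given port."""
    return [(r["time"], r["dst-ip"]) for r in records
            if r["action"] == "ALLOW" and r.get("path") == "SEND"
            and r["dst-port"] == port]

if __name__ == "__main__":
    records = list(parse_firewall_log(SAMPLE_LOG))
    for src, count in blocked_inbound_by_source(records).most_common():
        print(f"{src}: {count} dropped inbound packet(s)")
    for when, dst in allowed_outbound(records):
        print(f"{when} allowed outbound HTTPS to {dst}")
```

Because the parser reads column names from the `#Fields:` header rather than hard-coding positions, it keeps working if the log was written with a different field set.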